How I discovered a hidden microphone on a Chinese NanoKVM

Hardware Design & “Hidden” Microphone

  • Many point out the NanoKVM is built on the LicheeRV Nano dev board, whose spec sheet clearly lists a microphone.
  • Explanation offered: the vendor reused an off‑the‑shelf SBC to keep costs down, inheriting display/touch/mic/amp circuitry not needed for a KVM.
  • Vendor docs now say newer firmware removes mic drivers and future hardware will omit the component.
  • Disagreement on framing: some argue “hidden microphone in a Chinese KVM” is accurate because the retail KVM product didn’t advertise it prominently; others see this as overblown, since the mic is obvious on the PCB and documented in the wiki.

Threat Model: Mic vs KVM Compromise

  • Several argue that if an attacker has control of your KVM, they already have keyboard, mouse, and video; the microphone is a minor incremental risk.
  • Others note mics and even fan noise can be used as side channels for keylogging or air‑gap exfiltration, so it is still concerning in principle.
  • Counterpoint: using audio for keylogging in this context is perverse when the KVM itself can log keys directly.
  • Some emphasize most NanoKVMs are likely used in home labs, not loud, locked‑down server rooms.

Software & Security Critiques

  • More serious issues discussed: default passwords with SSH enabled, everything running as root, shared keys for JWT and firmware encryption, and lack of CSRF protection.
  • By contrast, complaints about missing systemd/apt, use of Chinese DNS servers, and inclusion of tools like tcpdump/aircrack are widely dismissed as misunderstanding embedded Linux and normal BSP practices.
  • Commenters note some flaws have already been fixed (e.g., SSH disabled by default; mic drivers removed).

Trust in Networked KVMs & BMCs

  • Broad consensus that any network‑connected KVM/BMC is inherently high‑risk and should live on an isolated management VLAN/subnet.
  • Anecdotes about other KVMs with unexplained traffic illustrate how opaque these devices can be; others show that “mysterious” traffic may just be documented bridge behavior.
  • Multiple comments argue the real systemic problem is weak security across embedded/BMC products globally, not uniquely “Chinese” malice.